Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.
Deputy Defense Secretary William Lynn III cautions that cuts to IT security initiatives, when they come, must be carefully applied, and certain areas must remain exempt from the budget ax, such as cybersecurity.
"Organizations are putting in layers of security and tools to safeguard information and assets, however, the fraudsters are attacking our weakest link, the consumer," says Anthony Vitale of Patelco Credit Union.
UBS's $2 billion loss to rogue trading provides lessons for all banks. What's missing in today's financial institution culture is a balance between profits, ethics and governance, says risk management expert Frances McLeod.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Michigan this month merged government agencies responsible for physical and information security, consolidating resources as well as opening new areas for growth and partnership, state Chief Security Officer Dan Lohrmann says.
RSA Chief Executive Art Coviello challenged a widespread belief that cybersecurity awareness could curb cyberthreats: "There's no amount of consumer education to make them smart enough to resist attacks. They're just too sophisticated."
Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.